Rule documentation | Clayton Help Center

Clayton Help Center

All Collections

Rule documentation

Rule documentation

Learn everything about our rules, and how to leverage them drive absolute quality in your development team.

By Gabriele and 1 other2 authors95 articles

Common Weakness Enumeration mapping

What types of rules are supported by Clayton?

Security best practices

Passwords set programmatically

Hardcoded secret

Flow Access Restriction

Email spamming risk

Insecure sharing to external users

Server-side Payload Injection

User Registration Without Limits

LWC Clickjacking on CSS

Import of sensitive fields in Lightning Web Components (LWC)

Direct DOM manipulation in Lightning Web Components (LWC)

Sensitive information storage

Sensitive information logging

Excessive data access permissions

Subresource integrity

Content Security Policy (CSP)

Insecure endpoints

Named credentials

Randomization of cryptographic keys

Coding best practices

Missing fault path in Flows

Multiple record-triggered flows on the same object

Multiple automation on the same object

Call to blocklisted method

Identify methods with global visibility

Asynchronous methods in loops

Boundaries on SOQL statements

Bulkification of triggers

Business logic in triggers

Metadata API recency

Multiple triggers per object

Number of arguments per method

Number of methods per class

Send email in loops

Database operations

Database changes in Flow loop paths

Non-selective SOQL queries on large objects

Direct access utility class

Data manipulation utility class

CRUD and Field-Level Security

Data access in loops

Data manipulation in constructors

Exception handling

Transaction control

Documentation

Flows without description

Description on custom objects

Description on custom fields

Hardcoded IDs

Hardcoded ID (flows)

Hardcoded IDs in code

Hardcoded IDs in configuration

Lightning best practices

Inline JavaScript

Unsafe JavaScript

Naming conventions

Naming conventions on Apex inner classes

Naming conventions on Apex test classes

Naming conventions on Apex test inner classes

Naming conventions on Aura Controller Property

Naming conventions on sObjects

Naming conventions on sObjects fields

Naming conventions on Apex classes

Naming conventions on Apex triggers

Naming conventions on Apex methods

Naming conventions for Apex variables

Optimizations

Inactive Workflow Rules

Inactive Workflows

Possibly Unexposed Object Fields

Possibly Unused Apex Triggers

Optimized loading of resources

Unnecessary code detection

Testing best practices

Untested Lightning Web Components

Identify test coverage cheats

Assertions with comments

Minimum number of assertions

Test data isolation

Untested methods

Use of @IsTest annotation

Use of test data factories

Visualforce best practices

Salesforce1 compatibility in Visualforce

User-friendly messages in Visualforce

Visualforce view state optimization

Vulnerability protection

No autocompletion on password fields

No insecure cookies

Vulnerable third-party component

Arbitrary Page Redirect

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Insecure Direct Object References

SOQL/SOSL Injection

Maintainability

Inactive flows and processes

Nulls/Empty checks after lookups in Flows

Inactive validation rules

Objects with an excessive number of custom fields

High complex flows and processes

High complex Apex methods

High complex Apex files